Authentication - Plexos Pay

API Keys

All API requests require a Bearer token in the Authorization header:

Authorization: Bearer sk_test_YOUR_API_KEY

Prefix	Environment	Real Charges
`sk_test_`	Sandbox	No
`sk_live_`	Production	Yes

Both key types use the same API endpoint (https://api.plexospay.com). The key determines the environment.

Navigate to API Keys

Click Settings → API Keys in the sidebar

Create a key

Click Create API Key, give it a name, and copy the secret key.

The secret key is only shown once. Store it securely — you cannot retrieve it later.

Never expose your secret key in client-side code

API keys should only be used server-side. Never include them in JavaScript bundles, mobile apps, or public repositories.

Use environment variables

Store your API key in an environment variable like PLEXOS_PAY_SECRET_KEY rather than hardcoding it.

Rotate keys regularly

If you suspect a key has been compromised, revoke it immediately and create a new one from the dashboard.

Use test keys for development

Always use sk_test_ keys during development. Switch to sk_live_ only in production.